wip: deps(o/api,o/client-go): bump deps (test api open api model namer)

[ingvagabund]

Evidence PR for openshift/client-go#381

/hold

Summary by CodeRabbit

Release Notes

• Chores
  • Updated project dependencies to latest versions for improved stability and compatibility.
  • Adjusted internal repository references to enhance build reliability.

[coderabbitai]

Walkthrough

go.mod is updated to bump direct dependencies (github.com/spf13/pflag, golang.org/x/net, several k8s.io/* modules) and update replace directives for github.com/openshift/api and github.com/openshift/client-go to point to github.com/ingvagabund/* pseudo-versions. Multiple indirect dependencies are also version-bumped or restructured.

Changes

go.mod dependency and replace directive updates

Layer / File(s)	Summary
Direct deps and replace directives go.mod	Bumps github.com/spf13/pflag and golang.org/x/net in the top-level require block; advances k8s.io/klog/v2, k8s.io/utils, and other Kubernetes-related direct requires; updates replace directives to redirect github.com/openshift/api and github.com/openshift/client-go to github.com/ingvagabund/* pseudo-versions.
Indirect dependency updates go.mod	Upgrades indirect github.com/emicklei/go-restful/v3; expands github.com/go-openapi/swag from a single v0.23.0 entry to multiple v0.25.4 submodule entries; removes github.com/josharian/intern and github.com/mailru/easyjson; bumps golang.org/x/{crypto,sync,sys,term,text,tools}; updates k8s.io/kube-openapi and sigs.k8s.io/structured-merge-diff/v6 to v6.3.2.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 9 | ❌ 6

❌ Failed checks (5 warnings, 1 inconclusive)

Check name	Status	Explanation	Resolution
Test Structure And Quality	⚠️ Warning	Ginkgo tests lack meaningful assertion messages (e.g., require.NoError(t, err) without context), do not use BeforeEach/AfterEach for setup/cleanup (using defer instead), and many tests assert mul...	Add meaningful assertion messages to all tests (e.g., require.NoError(t, err, "failed to create secret")), refactor tests to separate unrelated behaviors into individual It blocks, and consider using g.BeforeEach/AfterEach for common s...
Microshift Test Compatibility	⚠️ Warning	Multiple Ginkgo e2e tests use MicroShift-incompatible APIs without protection: test/e2e/certs.go uses ClusterOperator and IngressController APIs (config.openshift.io); test/e2e/custom_route.go uses...	Add [apigroup:config.openshift.io] tags to affected tests or add [Skipped:MicroShift] labels. For example: g.It("[Operator][Certs] TestRouterCerts [apigroup:config.openshift.io]". Reference: https://docs.openshift.com/container-platfor...
Single Node Openshift (Sno) Test Compatibility	⚠️ Warning	25 new Ginkgo e2e tests added without SNO (Single Node OpenShift) compatibility guards; tests lack [Skipped:SingleReplicaTopology] labels or IsSingleNode() runtime checks required for SNO compatibi...	Add SNO compatibility checks or labels to all new e2e tests. Use either: (1) [Skipped:SingleReplicaTopology] in test names, (2) IsSingleNode() runtime check with skip, or (3) ControlPlaneTopology topology check to guard multi-node assump...
Topology-Aware Scheduling Compatibility	⚠️ Warning	PR adds 3 deployments with topology-unfriendly scheduling: nodeSelector targeting master nodes (breaks HyperShift), oauth-openshift uses maxUnavailable:0+maxSurge:0 (deadlocks on SNO/TNF/TNA), and...	Review and apply topology-aware scheduling patterns: check ControlPlaneTopology, use required anti-affinity with maxUnavailable>=1, exclude arbiter nodes, remove master nodeSelectors on external CP topologies, and cap replicas to schedul...
Ipv6 And Disconnected Network Test Compatibility	⚠️ Warning	New Ginkgo e2e tests added contain IPv4-only assumptions: fmt.Sprintf builds URLs with hardcoded "127.0.0.1" without IPv6 brackets, and ClusterIP is hardcoded to "10.0.0.1".	Use net.JoinHostPort() for URL building (adds IPv6 brackets automatically). Detect cluster IP family dynamically or provide both IPv4/IPv6 addresses in test fixtures. For static URLs, use parameterized CIDRs via correctCIDRFamily() or Ge...
Title check	❓ Inconclusive	The title uses vague terminology ('wip', 'bump deps', 'test api open api model namer') that lacks specificity about the actual changes being made.	Revise the title to clearly describe the main objective, such as: 'Update OpenShift API and client-go dependencies' or 'Replace openshift/api and openshift/client-go with ingvagabund pseudo-versions'.

✅ Passed checks (9 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	No Ginkgo test files or test names present in PR. This is a dependency update PR affecting only go.mod, go.sum, and vendor files, not test code.
Ote Binary Stdout Contract	✅ Passed	PR contains only dependency updates; no code changes to main functions. OTE binary (cmd/cluster-authentication-operator-tests-ext) has klog.LogToStderr(true) on line 22, protecting stdout for JSON...
No-Weak-Crypto	✅ Passed	No weak crypto found. Code uses only strong algorithms: SHA-256, SHA-512, RSA, ECDSA, and proper TLS/X.509. No MD5, SHA1, DES, RC4, Blowfish, or ECB mode usage detected.
Container-Privileges	✅ Passed	PR only modifies go.mod dependency versions and replace directives. No container manifests, Dockerfiles, or K8s pod security configurations were changed, so container privilege check does not apply.
No-Sensitive-Data-In-Logs	✅ Passed	No logging of sensitive data found. Error logs use generic error objects; URLs logged are OIDC metadata endpoints without credentials; secret names logged are config keys only, never actual secret...

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

Command failed

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign ibihim for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Around line 68-79: The go-openapi/swag dependency has been upgraded from
v0.23.0 to v0.25.4, which includes breaking changes. Search the operator
codebase for any usage of JSONMapSlice.MarshalYAML() and replace it with
YAMLMapSlice if found, since MarshalYAML was removed from JSONMapSlice in
v0.25.0. Also search for any calls to IsFloat64AJSONInteger() and verify that
the new rounding-based comparison behavior (changed from truncation in v0.25.4)
is compatible with how it is being used. If neither of these functions are used
in the codebase, document this verification and no further changes are needed.
The submodule expansion visible in go.mod is expected and does not require
modification.
- Around line 41-44: The replace directives in go.mod are redirecting
github.com/openshift/api and github.com/openshift/client-go to personal
experimental forks (ingvagabund/api and ingvagabund/client-go) using
pseudo-versions, which violates supply chain security guidelines. Remove the
entire replace block (lines 41-44) that contains these redirections, and instead
ensure the module requires official github.com/openshift/api and
github.com/openshift/client-go packages with stable release tags. Then verify
that the package imports in pkg/operator/replacement_starter.go (specifically
the calls to configclient.NewForConfigAndClient(),
operatorclient.NewForConfigAndClient(), routeclient.NewForConfigAndClient(), and
oauthclient.NewForConfigAndClient()) compile correctly against the official
OpenShift packages.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 144ed6a6-ab53-4656-aa48-720a4704e148

📥 Commits

Reviewing files that changed from the base of the PR and between 28632f2 and 5ef67d2.

⛔ Files ignored due to path filters (299)

• go.sum is excluded by !**/*.sum
• vendor/github.com/emicklei/go-restful/v3/.travis.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/emicklei/go-restful/v3/CHANGES.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/emicklei/go-restful/v3/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/emicklei/go-restful/v3/curly.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/emicklei/go-restful/v3/custom_verb.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/emicklei/go-restful/v3/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/.codecov.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/.golangci.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/.mockery.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/SECURITY.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/cmdutils/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/cmdutils/cmd_utils.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/cmdutils/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/cmdutils_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/conv/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/conv/convert.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/conv/convert_types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/conv/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/conv/format.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/conv/sizeof.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/conv/type_constraints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/conv_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/convert.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/convert_types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/file.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/fileutils/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/fileutils/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/fileutils/file.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/fileutils/path.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/fileutils_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/go.work is excluded by !**/*.work, !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/go.work.sum is excluded by !**/*.sum, !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/initialism_index.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/json.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname/name_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/ifaces.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/registry_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/registry.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/adapter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/lexer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/ordered_map.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/pool.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/writer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/concat.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/json.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/ordered_map.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/loading/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/loading/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/loading/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/loading/json.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/loading/loading.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/loading/options.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/loading/yaml.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/loading_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/BENCHMARK.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/initialism_index.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/name_lexem.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/name_mangler.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/options.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/pools.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/split.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/string_bytes.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/util.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/name_lexem.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/net.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/netutils/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/netutils/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/netutils/net.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/netutils_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/split.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/stringutils/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/stringutils/collection_formats.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/stringutils/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/stringutils/strings.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/stringutils_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/typeutils/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/typeutils/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/typeutils/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/typeutils_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/util.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/yaml.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/yamlutils/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/yamlutils/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/yamlutils/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/yamlutils/ordered_map.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/yamlutils/yaml.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/yamlutils_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/josharian/intern/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/josharian/intern/intern.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/josharian/intern/license.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mailru/easyjson/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mailru/easyjson/buffer/pool.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mailru/easyjson/jlexer/bytestostr.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mailru/easyjson/jlexer/bytestostr_nounsafe.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mailru/easyjson/jlexer/error.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mailru/easyjson/jlexer/lexer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mailru/easyjson/jwriter/writer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/.ci-operator.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/Dockerfile.ocp is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiextensions/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/apiserver/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiserver/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/apps/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apps/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/authorization/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/authorization/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/build/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/build/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/cloudnetwork/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/cloudnetwork/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha2/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha2/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/console/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/console/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/etcd/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/etcd/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/features.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/features/features.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/helm/v1beta1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/helm/v1beta1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/image/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/image/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/imageregistry/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/imageregistry/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/kubecontrolplane/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/kubecontrolplane/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/legacyconfig/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/legacyconfig/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machine/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machine/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machine/v1beta1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1beta1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/monitoring/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/monitoring/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/network/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/network/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/network/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/network/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/networkoperator/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/networkoperator/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/oauth/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/oauth/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/openshiftcontrolplane/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_etcd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/osin/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/osin/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/project/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/project/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/quota/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/route/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/samples/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/samples/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/security/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/servicecertsigner/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/servicecertsigner/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/sharedresource/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/sharedresource/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/template/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/template/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/user/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/user/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clientcredentialconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clientsecretsecretreference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customtlsprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalclaimssource.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourceauthentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourcecertificateauthorityconfigmapreference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourcepredicate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourcetls.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkobservabilityspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/sourcedclaimmapping.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/sourceurl.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlsprofilespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultapproleauthentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultkmspluginconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaulttlsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagercustomconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/kubestatemetricsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/kubestatemetricsresourcelabels.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexporterconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierrequestloggingconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/utils.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/oauth/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/route/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/user/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/spf13/pflag/flag.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/html/node.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/html/nodetype_string.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/http2/client_priority_go126.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/http2/client_priority_go127.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/http2/frame.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/http2/http2.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/http2/server.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/http2/transport.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/internal/httpsfv/httpsfv.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/trace/events.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/websocket/hybi.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_arm64.s is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_other_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_x86.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/ioctl_signed.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/ioctl_unsigned.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/syscall_solaris.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/syscall_unix.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_386.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_arm.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/windows/syscall_windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/windows/types_windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/windows/zsyscall_windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/term/terminal.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/cases/tables10.0.0.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/cases/tables11.0.0.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/cases/tables12.0.0.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/cases/tables15.0.0.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/cases/tables17.0.0.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/cases/tables9.0.0.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/encoding/japanese/eucjp.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/encoding/japanese/iso2022jp.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/encoding/japanese/shiftjis.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/encoding/korean/euckr.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/encoding/simplifiedchinese/gbk.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/encoding/simplifiedchinese/hzgb2312.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/encoding/traditionalchinese/big5.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/encoding/unicode/unicode.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (1)

• go.mod

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify API compatibility between fork and upstream versions
# Check if the fork pseudo-versions contain the same client constructors as upstream

echo "=== Checking ingvagabund fork versions exist and are accessible ==="
go list github.com/ingvagabund/api@v0.0.0-20260608151207-ccf82b04671a
go list github.com/ingvagabund/client-go@v0.0.0-20260608152916-388a325b5910

echo "=== Verifying critical imports from go.mod are available in fork versions ==="
# The following packages are imported in pkg/operator/replacement_starter.go
# Check they exist in the forked versions:
# - github.com/openshift/api/config/v1
# - github.com/openshift/api/features
# - github.com/openshift/api/operator/v1
# - github.com/openshift/client-go/config/clientset/versioned
# - github.com/openshift/client-go/operator/clientset/versioned
# - github.com/openshift/client-go/oauth/clientset/versioned
# - github.com/openshift/client-go/route/clientset/versioned

Repository: openshift/cluster-authentication-operator

Length of output: 567

---

🏁 Script executed:

# First, confirm the exact go.mod content
head -n 150 go.mod | tail -n 110

Repository: openshift/cluster-authentication-operator

Length of output: 5685

---

🏁 Script executed:

# Check what's imported from openshift/api and openshift/client-go in the codebase
rg "github\.com/openshift/api|github\.com/openshift/client-go" --type go -A 2 -B 2 | head -100

Repository: openshift/cluster-authentication-operator

Length of output: 9506

---

🏁 Script executed:

# Specifically check pkg/operator/replacement_starter.go for imports
head -n 100 pkg/operator/replacement_starter.go

Repository: openshift/cluster-authentication-operator

Length of output: 4795

---

🌐 Web query:

ingvagabund/api github openshift pseudo-version v0.0.0-20260608151207-ccf82b04671a

💡 Result:

The pseudo-version string v0.0.0-20260608151207-ccf82b04671a is a standard Go module version identifier used to reference a specific, untagged commit in a repository [1][2]. In this format: - v0.0.0 is the base version prefix [1][3]. - 20260608151207 is the UTC timestamp of the commit (June 8, 2026, at 15:12:07) [1][3]. - ccf82b04671a is the 12-character prefix of the commit hash [1][3]. While there is a GitHub user named ingvagabund who is an active contributor to the openshift/api repository [4][5], there is no evidence that this specific pseudo-version string corresponds to an official package, module, or release under the ingvagabund/api repository [6]. Pseudo-versions are automatically generated by the Go toolchain when a dependency is requested at a specific commit that lacks a semantic version tag [1][2]. It is highly likely that this string was generated in a local development environment or CI/CD pipeline when resolving a dependency on an untagged commit of a repository [1].

Citations:

• 1: https://go.dev/doc/modules/version-numbers
• 2: https://research.swtch.com/vgo-intro
• 3: https://github.com/golang/mod/blob/9d333315/module/pseudo.go
• 4: OCPBUGS-83754: fix(config/v1): define constants for authentication types as typed constants api#2814
• 5: NO-JIRA: remove beta enabled features from feature gates api#1934
• 6: https://github.com/ingvagabund/api

---

🌐 Web query:

ingvagabund/client-go github openshift pseudo-version v0.0.0-20260608152916-388a325b5910

💡 Result:

The string github.com/ingvagabund/client-go refers to a personal GitHub repository, specifically a fork or personal copy of the OpenShift Go client library (openshift/client-go) maintained by the user ingvagabund [1][2]. The identifier v0.0.0-20260608152916-388a325b5910 is a Go pseudo-version (also known as a module version) [3][4]. In the Go module system, pseudo-versions are automatically generated by the go command when a dependency is not tagged with a standard semantic version [3][5]. Key characteristics of this specific string: 1. Origin: It represents a specific commit in the ingvagabund/client-go repository [1][3]. 2. Format: The format v0.0.0-yyyymmddhhmmss-abcdefabcdef corresponds to [Semantic Version]-[Timestamp]-[Commit Hash]. In this case: - Timestamp: 2026-06-08 15:29:16 UTC. - Commit Hash: 388a325b5910. 3. Usage: This is typically used in a go.mod file to lock a dependency to a specific commit when the upstream project has not provided a tagged release for that specific state [5]. It is important to note that the official, authoritative repository for the OpenShift Go client is github.com/openshift/client-go, not the personal fork [6][3]. Users looking for the standard OpenShift client library should use the official upstream repository [6][3]. Personal forks like ingvagabund/client-go are often used by contributors for testing, prototyping, or specialized development and may not be stable or officially supported [1][2].

Citations:

• 1: https://pkg.go.dev/github.com/ingvagabund/client-go/examples/build
• 2: https://github.com/ingvagabund/cluster-openshift-apiserver-operator
• 3: https://pkg.go.dev/github.com/openshift/client-go
• 4: https://pkg.go.dev/k8s.io/client-go
• 5: https://github.com/openshift/client-go/blob/6892dc3e1ffc/go.mod
• 6: https://github.com/openshift/client-go

---

🌐 Web query:

openshift/client-go pull request 381 authentication operator

💡 Result:

There is no pull request #381 in the openshift/client-go repository related to the authentication operator [1][2]. The number "381" appears as a pull request identifier in several other OpenShift component repositories, which may be the source of the confusion: 1. cluster-kube-controller-manager-operator: PR #381, merged in 2020, involved bumping Kubernetes to 1.18.0 and rebasing library-go, client-go, and API dependencies [3]. 2. cluster-openshift-controller-manager-operator: PR #381, merged in 2025, involved updating Kubernetes dependencies to v1.32.2 [4]. 3. openshift/origin: A backport PR (associated with #30971) references "OPCT-381" in its title, relating to pinned images [5]. Regarding the openshift/cluster-authentication-operator (which manages authentication and OAuth configs), relevant pull requests often involve updates to client-go, library-go, or API dependencies (e.g., PRs #697, #759, and #873), but these do not correspond to the number 381 [6][7][8].

Citations:

• 1: http://github.com/openshift/client-go/pull/336
• 2: https://github.com/openshift/client-go/blob/6892dc3e1ffc/go.mod
• 3: Bump to k8s 1.18.0 and library-go,client-go,api rebases cluster-kube-controller-manager-operator#381
• 4: WRKLDS-1653: bump(k8s): update k8s.io/* dependencies to v1.32.2 cluster-openshift-controller-manager-operator#381
• 5: openshift/origin@3c9af18
• 6: API-1835: operator client update #697
• 7: OCPEDGE-1610: bump(kube,library-go,ocp/api): #759
• 8: 24dab9f

---

⚠️ Replace directives use personal fork pseudo-versions—must use official openshift packages.

Lines 41–44 redirect two critical dependencies to personal experimental forks with pseudo-versions:

replace (
	github.com/openshift/api => github.com/ingvagabund/api v0.0.0-20260608151207-ccf82b04671a
	github.com/openshift/client-go => github.com/ingvagabund/client-go v0.0.0-20260608152916-388a325b5910
)

These are blocking issues for an authentication operator:

1. Personal forks are unsupported for production: ingvagabund/api and ingvagabund/client-go are personal experimental forks, not official OpenShift releases. Pseudo-versions (v0.0.0-*) reference untagged commits and violate the supply chain security guideline: "No pre-release or yanked versions in production."

2. Critical dependency usage: pkg/operator/replacement_starter.go (lines 12–19, 52–59) directly instantiates these packages via configclient.NewForConfigAndClient(), operatorclient.NewForConfigAndClient(), routeclient.NewForConfigAndClient(), and oauthclient.NewForConfigAndClient(). Any divergence in the fork API surface will break operator startup.

3. No justification: The PR description does not explain why these forks are required. The reference to "CNTRLPLANE-2449: bump(openshift/api): pull in OpenAPIModelName changes client-go#381" in the original comment is incorrect—no such PR exists in the official repository.

4. WIP status: The PR is explicitly unfinished with /hold directive, indicating incomplete stabilization.

Before merge, you must:

• Remove replace directives and use only official github.com/openshift/api and github.com/openshift/client-go versions with stable release tags (not pseudo-versions).
• If upstream packages need fixes, contribute directly to openshift/api or openshift/client-go repositories or use a temporary fork only while awaiting upstream merge, clearly documented in the PR description.
• Verify all imports from pkg/operator/replacement_starter.go compile against the official packages.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` around lines 41 - 44, The replace directives in go.mod are
redirecting github.com/openshift/api and github.com/openshift/client-go to
personal experimental forks (ingvagabund/api and ingvagabund/client-go) using
pseudo-versions, which violates supply chain security guidelines. Remove the
entire replace block (lines 41-44) that contains these redirections, and instead
ensure the module requires official github.com/openshift/api and
github.com/openshift/client-go packages with stable release tags. Then verify
that the package imports in pkg/operator/replacement_starter.go (specifically
the calls to configclient.NewForConfigAndClient(),
operatorclient.NewForConfigAndClient(), routeclient.NewForConfigAndClient(), and
oauthclient.NewForConfigAndClient()) compile correctly against the official
OpenShift packages.

Source: Coding guidelines

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check for known CVEs in go-openapi/swag v0.25.4
curl -s https://api.osv.dev/v1/query --data '{"commit":"go-openapi/swag@v0.25.4"}' | jq '.vulns'

Repository: openshift/cluster-authentication-operator

Length of output: 90

---

🌐 Web query:

go-openapi/swag v0.25.4 CVE vulnerabilities security advisory

💡 Result:

As of June 18, 2026, there are no known CVE vulnerabilities or active security advisories associated with version v0.25.4 of go-openapi/swag [1][2][3]. The project actively maintains a security policy and employs automated vulnerability scanning tools, including GitHub CodeQL, trivy, and govulncheck, to monitor for security issues [4][5]. Version v0.25.4, released on November 25, 2025, included updates such as the addition of an official security policy, dependency updates, and the introduction of fuzz testing to improve overall robustness [6][7][8]. Users are encouraged to report any potential security concerns privately to the maintainers through the GitHub security reporting feature as outlined in the project's security policy [4].

Citations:

• 1: https://guide.sonatype.com/component/golang/github.com%2Fgo-openapi%2Fswag/v0.25.4
• 2: https://hextrap.com/r/pkg/go/github.com/go-openapi/swag/
• 3: https://deps.dev/go/github.com%2Fgo-openapi%2Fswag
• 4: https://github.com/go-openapi/swag/blob/master/SECURITY.md
• 5: https://pkg.go.dev/github.com/go-openapi/swag
• 6: https://github.com/go-openapi/swag/blob/master/docs/NOTES.md
• 7: go-openapi/swag@v0.23.0...v0.25.4
• 8: go-openapi/swag@73525ad

---

🏁 Script executed:

#!/bin/bash
# Check go.mod context around lines 68-79
cd /tmp && head -n 85 /dev/stdin << 'EOF'
$(head -85 /dev/null)
EOF

# Try to find the go.mod file and examine it
find . -name "go.mod" -type f | head -1 | xargs head -n 85

Repository: openshift/cluster-authentication-operator

Length of output: 155

---

🏁 Script executed:

#!/bin/bash
# Check if submodule expansion is typical for go-openapi/swag
# Search for any documentation or GitHub info about this pattern
rg "go-openapi/swag" --type go -A 2 -B 2 | head -50

Repository: openshift/cluster-authentication-operator

Length of output: 3348

---

🏁 Script executed:

#!/bin/bash
# Examine the go.mod file to understand the dependency structure
cat go.mod | head -100

Repository: openshift/cluster-authentication-operator

Length of output: 4786

---

🏁 Script executed:

#!/bin/bash
# Check the actual go.mod file lines around 68-79 to see context
sed -n '50,90p' go.mod

Repository: openshift/cluster-authentication-operator

Length of output: 2271

---

🌐 Web query:

go-openapi/swag v0.25.4 release notes breaking changes between v0.23.0

💡 Result:

The upgrade from go-openapi/swag v0.23.0 to v0.25.4 involves several significant breaking changes and refactorings [1][2]. Key Breaking Changes: 1. Removal of MarshalYAML from JSONMapSlice: In v0.25.0, the MarshalYAML method was removed from the JSONMapSlice type [1]. This was part of a deliberate refactoring to separate JSON-only (JSONMapSlice) from YAML-aware (YAMLMapSlice) functionality to fix issues with incorrect YAML type tagging [1]. Consumers expecting JSONMapSlice to implement the YAML marshaler interface must switch to using YAMLMapSlice [1]. 2. Behavioral Change in IsFloat64AJSONInteger: There is a confirmed change in how IsFloat64AJSONInteger operates [2]. It was updated to use math.Round-based nearest-integer comparison instead of truncation-based comparison [2]. This alters the epsilon tolerance band, meaning certain values (e.g., 3.9999999999) that were previously not classified as integers are now classified as such, while others (e.g., 1.000000001) are no longer classified as integers [2]. 3. Broader Structural Changes: Beginning with v0.24.0, the library underwent a modernization effort that deprecated the traditional monolith API [3]. Consumers are encouraged to import specialized sub-modules (e.g., /conv, /fileutils, /jsonname) rather than the main package [3]. While the legacy API remained supported for compatibility, all exposed functions and variables were moved to these sub-modules [3]. If you are encountering build failures, you may need to update your code to use the new sub-module paths or, in the case of MarshalYAML, switch to the appropriate YAML-aware type [1]. Pinning to v0.23.1 is a temporary workaround often used by projects that are not yet ready to refactor their API calls [1].

Citations:

• 1: Support go-openapi/swag v0.25.x - MarshalYAML API breaking change go-swagger/go-swagger#3263
• 2: https://gist.github.com/dims/ecd681ea7d4748300d3b6203074e7d70
• 3: go-openapi/swag@v0.23.1...v0.24.1

---

Verify code compatibility with go-openapi/swag v0.25.4 breaking changes.

The upgrade from v0.23.0 to v0.25.4 includes confirmed breaking changes:

• MarshalYAML removed from JSONMapSlice (v0.25.0) — switch to YAMLMapSlice if used
• IsFloat64AJSONInteger behavior changed from truncation to rounding-based comparison
• API functions moved to sub-modules (v0.24.0+); legacy API deprecated

Audit the operator code for usage of JSONMapSlice.MarshalYAML() and IsFloat64AJSONInteger(), or confirm they are not used. The submodule expansion in go.mod is expected and does not require action.

No known CVEs in v0.25.4.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` around lines 68 - 79, The go-openapi/swag dependency has been
upgraded from v0.23.0 to v0.25.4, which includes breaking changes. Search the
operator codebase for any usage of JSONMapSlice.MarshalYAML() and replace it
with YAMLMapSlice if found, since MarshalYAML was removed from JSONMapSlice in
v0.25.0. Also search for any calls to IsFloat64AJSONInteger() and verify that
the new rounding-based comparison behavior (changed from truncation in v0.25.4)
is compatible with how it is being used. If neither of these functions are used
in the codebase, document this verification and no further changes are needed.
The submodule expansion visible in go.mod is expected and does not require
modification.

Source: Coding guidelines

[openshift-ci]

@ingvagabund: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-agnostic-upgrade	5ef67d2	link	true	/test e2e-agnostic-upgrade
ci/prow/e2e-agnostic	5ef67d2	link	true	/test e2e-agnostic

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.